Created
November 11, 2018 17:46
-
-
Save iolloyd/c75aebae6031a28bada7ad5531ef18f9 to your computer and use it in GitHub Desktop.
a super small secure docker container for golang binaries using Alpine and multi-stage builds
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # The smallest starting point is the alpine image | |
| FROM golang:alpine as builder | |
| RUN apk update && apk add git && add ca-certificates | |
| RUN adduser -D -g '' appuser | |
| COPY . $GOPATH/src/mypackage/myapp/ | |
| WORKDIR $GOPATH/src/mypackage/myapp/ | |
| RUN go get -d -v | |
| RUN CGO_ENABLE=0 GOOS=linux GOARCH=amd64 go build -a -installsuffix cgo -ldflags="-w -s" -o /go/bin/hello | |
| FROM scratch | |
| COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ss/certs/ | |
| COPY --from=builder /etc/passwd /etc/passwd | |
| COPY --from=builder /go/bin/hello /go/bin/hello | |
| USER appuser | |
| EXPOSE 9292 | |
| ENTRYPOINT ["/go/bin/hello"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment